Medium severity6.5NVD Advisory· Published Mar 26, 2026· Updated Apr 15, 2026
CVE-2025-15488
CVE-2025-15488
Description
The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.4.3
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)Wordfence Blog · Apr 9, 2026